Chapter 2

Question 1

A ____ attack begins with the attacker creating digests of common dictionary words, and then comparing those in a stolen password file.

Answer 1

dictionary

Question 2

___ is sending an e-mail or displaying a Web announcement that falsely claims to be from a legitimate enterprise, in an attempt to trick the user into surrendering private information

Answer 2

Phishing

Question 3

Social engineering ____ means to create a fictitious character and then play out the role of that person on a victim.

Answer 3

impersonation

Question 4

The average phishing site only exists for ____ days to prevent law enforcement agencies from tracking the attackers.

Answer 4

3.8

Question 5

Instead of asking the user to visit a fraudulent Web site, ____ automatically redirects the user to the fake site.

Answer 5

pharming

Question 6

Whereas phishing involves sending millions of generic e-mail messages to users, ____ targets only specific users.

Answer 6

spear phishing

Question 7

____ identify individuals within the organization who are in positions of authority.

Answer 7

Organizational charts

Question 8

____ may reveal the true level of security within the organization.

Answer 8

Policy manuals

Question 9

____ involves using someone’s personal information, such as a Social Security number, to establish bank or credit card accounts that are then left unpaid, leaving the victim with the debts and ruining their credit rating

Answer 9

Identity theft

Question 10

Grouping individuals and organizations into clusters or groups based on their likes and interests is called ____.

Answer 10

social networking

Question 11

The Web sites that facilitate linking individuals with common interests and function as an online community of users are called ____

Answer 11

social networking sites

Question 12

____ means an attacker who pretends to be from a legitimate research firm asks for personal information

Answer 12

Pretexting

Question 13

Stolen wallets and purses contain personal information that can be used in identity theft. This is known as ____.

Answer 13

stealing

Question 14

Using a standard ____ form, attackers can divert all mail to their post office box so that the victim never sees any charges made.

Answer 14

change-of-address

Question 15

The best approach to establishing strong security with passwords is to use a ____

Answer 15

password management tool

Question 16

A ____ is a program that lets a user create and store multiple strong passwords in a single user database file that is protected by one strong master password.

Answer 16

password management application

Question 17

The ____ of 2003 contains rules regarding consumer privacy.

Answer 17

Fair and Accurate Credit Transactions Act

Question 18

FACTA grants consumers the right to request one free credit report from each of the three national credit-reporting firms every ____.

Answer 18

12 months

Question 19

If a consumer finds a problem on her credit report, she must first send a letter to the credit-reporting agency. Under federal law, the agency has ____ days to investigate and respond to the alleged inaccuracy and issue a corrected report

Answer 19

30

Question 20

A ____ is a numerical measurement used by lenders to assess a consumer’s creditworthiness.

Answer 20

Credit Score

Question 21

Credit score reports cost about ____.

Answer 21

$10

Question 22

use of a telephone call instead of e-mail to contact a potential victim

Answer 22

Vishing

Question 23

one type of spear phishing

Answer 23

Whaling

Question 24

information entered is observed by another person

Answer 24

Shoulder surfing

Question 25

any secret combination of letters, numbers, and/or symbols that serves to validate or authenticate a user by what she knows

Answer 25

Password

Question 26

trying to guess a password through combining a systematic combination of characters

Answer 26

Brute force attacks

Question 27

means of gathering information for an attack by relying on the weaknesses of individuals

Answer 27

Social Engineering

Question 28

WUuAxB2aWBndTf7MfEtm is an example of this

Answer 28

Strong Password

Question 29

process that confirms a user’s identity

Answer 29

Authentication

Question 30

once an authorized person opens the door then virtually any number of individuals can follow behind and also enter the building or area

Answer 30

Tailgating